search for: idmap_sss

...nny via samba: > see Red-Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1663323 > They no longer support using sssd with winbind. Yes, I know that discussion, and if you read the corresponding bug report, the case that was mentioned (which is outdated already, please look for info on idmap_sss for Samba for combining the two) is if sssd and winbind run against the same domain and both derive information for the same user base. There are later bug reports which explicitly state that the corresponding note, which was added to the documentation at the beginning of this year, is outdated...

...as I'm not using sssd and winbind for the same authentication domain (rather, winbind is for a windows domain, sssd for an LDAP-based authentication domain, and the usernames don't overlap), my only solution would be to switch to sssd completely, which is definitely possible thanks to idmap_sss (i.e., there's interoperability between winbind and sssd when both go against the same domain, as not having any integration would break all the other Samba services when working with sssd). So, anyway, this comment is neither correct (RedHat explicitly states how to configure winbind/samb...

On 6/25/19 11:21 AM, Gregory Sloop via samba wrote: > You can always connect to the SMB share using a domain user/password credential set, even if you're not a member of the domain. > Something like - Connect as: User: "somedomain\pat" with Pat's password. > When we try this from a machine that is not connected to the domain, authentication fails:

...ng sssd and winbind for the same authentication domain > (rather, winbind is for a windows domain, sssd for an LDAP-based > authentication domain, and the usernames don't overlap), my only > solution would be to switch to sssd completely, which is definitely > possible thanks to idmap_sss (i.e., there's interoperability between > winbind and sssd when both go against the same domain, as not having > any integration would break all the other Samba services when working > with sssd). > > So, anyway, this comment is neither correct (RedHat explicitly states >...

...ber attributes to AD ? > No since we are not using Samba to authenticate any users on the Ubuntu > machines. We only use Samba to join the computer to the Active Directory > domain. Reading between the lines, it sounds like you are using sssd, if so, you need to configure smb.conf to use idmap_sss and have no shares. You cannot use sssd with Samba >= 4.8.0 and have shares. If you are going to use idmap_ad (backend = ad), then you must add uidNumber and gidNumber attributes to AD > >> include = /etc/samba/local_shares.conf >> >>> What is in the include fi...

Hey, Am 23.08.2019 11:13, schrieb L.P.H. van Belle via samba: > Your where running Debian buster 4.9.5, you could try my 4.9.11/4.10.6 > package of debian sid/testing, its 4.9.11 package. same behaviour with testing (4.9.11), tested that already. As I already wrote, I've definitely checked the networking, and that's all fine. There are no network packets generated by winbind when

Hi Gurus, I have a simple failover cluster on two SLES 12 SP3 nodes with Samba/winbind for authenticating AD-user access to the shares. The shares are reached through a virtual hostname/IP which differs from the SLES-server itself. The servers uses SSSD for normal SSH-authentication, also against the same Active Domain. Here is the problem - if I get Samba/winbind to work with the virtual

Rowland penny via samba ha scritto il 27/08/20 alle 16:43: > [...] > Netbios is intrinsically tied to SMBv1 and? LLMNR (Link-Local Multicast > Name Resolution) is also connected in a way, it allows name resolutions > without a nameserver. So, if you are using it, I personally wouldn't, > ever heard of MITM ? Just to understand a little more... NetBIOS with a wins server

Le jeu. 4 juin 2020 ? 16:48, Rowland penny via samba <samba at lists.samba.org> a ?crit : > On 04/06/2020 15:25, mathias dufresne wrote: > > > > System users are users which can be used in system side. Typically > > those in /etc/passwd but for a more generic approach I mean "each and > > every users available through 'getent passwd [username]'"

I'm running samba 4.4.4 on el7. I'm attempting to provide a share auth by Kerberos or for non-kerberos hosts auth by password on Linux or Windows (7) clients. We have uid/gid/group memberships in AD and typically configure Linux hosts with a kerberos/sssd/ldap configuration which uses attributes from AD, but are not joined to domain. I need to be able to automate the domain join with

Hi all, I have successfully joined a Ubuntu 20.04 (focal) machine to a Active Directory domain using ADS. Running the `net ads status` command does not output the information that I expect. This is an example of running `net ads status` on a Ubuntu 20.04 (focal) machine running Samba version 4.11.6-Ubuntu. # net ads status objectClass: top objectClass: person objectClass: organizationalPerson